[Bug 30902] Arcania: Gothic 4 fails to start (hangs on startup)
wine-bugs at winehq.org
Thu Dec 5 09:17:25 CST 2013
http://bugs.winehq.org/show_bug.cgi?id=30902
Anastasius Focht <focht at gmx.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |obfuscation
Status|NEW |RESOLVED
CC| |focht at gmx.net
Component|-unknown |user32
Resolution| |DUPLICATE
--- Comment #3 from Anastasius Focht <focht at gmx.net> 2013-12-05 09:17:25 CST ---
Hello folks,
confirming ... it's essentially a dupe of bug 27282
The game demo is protected with SecuROM v07.42.0004
--- snip ---
-=[ ProtectionID v0.6.4.0 JULY]=-
(c) 2003-2010 CDKiLLER & TippeX
Build 07/08/10-17:57:05
Ready...
Scanning -> Z:\home\focht\.wine\drive_c\Program Files\JoWooD Entertainment AG\ArcaniA - Gothic 4 Demo\Arcania.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 24079360 (016F6C00h) Byte(s)
[File Heuristics] -> Flag : 00000000000000000000000100000001 (0x00000101)
[!] SecuROM Detected - Version 07.42.0004
[!] Possible CD/DVD-Key or Serial Check -> evaluation version
[CompilerDetect] -> Visual C++ 9.0 (Visual Studio 2008)
- Scan Took : 1.978 Second(s)
--- snip ---
The DRM/software protection scheme employs several anti-debugging/hacking
measures.
One is the use of "watcher" thread(s) that look for running processes matching
a blacklist (debuggers, hacker tools, ...) by querying the window title.
The point where the hang/deadlock happens:
--- snip ---
...
0043:Call KERNEL32.GetProcAddress(7eca0000,100dc264 "FindWindowA") ret=01347836
0043:Ret KERNEL32.GetProcAddress() retval=7ecae278 ret=01347836
0043:Call user32.FindWindowA(00000000,100cde00 "vResourceViewer") ret=100501a6
0040:Ret winex11.drv.MsgWaitForMultipleObjectsEx() retval=00000000 ret=7ed5bad3
0043:Call winex11.drv.MsgWaitForMultipleObjectsEx(00000001,08add260,ffffffff,00000040,00000000) ret=7ed5bad3
0040:Call window proc 0x151d3d0 (hwnd=0x3006c,msg=WM_GETTEXT,wp=00000011,lp=049ade88)
0040:Call KERNEL32.GetProcessTimes(ffffffff,049add7c,049add68,049add18,049add10) ret=0151d558
0040:Ret KERNEL32.GetProcessTimes() retval=00000001 ret=0151d558
0040:Call KERNEL32.CompareFileTime(049add7c,01bf1b04) ret=0151d56b
0040:Ret KERNEL32.CompareFileTime() retval=00000000 ret=0151d56b
0040:Call KERNEL32.OpenEventA(00000002,00000000,01bf1b30 "SECUROM_SMS_EVENT_BREAKER") ret=0151d761
0040:Ret KERNEL32.OpenEventA() retval=00000000 ret=0151d761
0040:Call user32.DefWindowProcA(0003006c,0000000d,00000011,049ade88) ret=0151e754
0040:Ret user32.DefWindowProcA() retval=00000000 ret=0151e754
0040:Ret window proc 0x151d3d0 (hwnd=0x3006c,msg=WM_GETTEXT,wp=00000011,lp=049ade88) retval=00000000
0043:Ret winex11.drv.MsgWaitForMultipleObjectsEx() retval=00000000 ret=7ed5bad3
0040:Call winex11.drv.MsgWaitForMultipleObjectsEx(00000001,049ae738,ffffffff,000004ff,00000000) ret=7ed5bad3
0043:Call winex11.drv.MsgWaitForMultipleObjectsEx(00000001,08add260,ffffffff,00000040,00000000) ret=7ed5bad3
000d:Ret KERNEL32.Sleep() retval=00000000 ret=00492bcd
001e:Ret KERNEL32.Sleep() retval=00000000 ret=00492bcd
...
--- snip ---
Thread 0x43 queries the window list.
The first query succeeds (WM_GETTEXT handled) because thread 0x40 owning
window(s) actually has a message pump.
Window creation:
--- snip ---
...
0040:Call user32.CreateWindowExA(00000000,049ae7e8 "Arcania.exe_24_5F77A6_1EB2446",00000000,08000000,ffff8000,ffff8000,00000001,00000001,00000000,00000000,00400000,01eb2462) ret=0151ea2a
...
0040:Ret user32.CreateWindowExA() retval=0003006c ret=0151ea2a
--- snip ---
The second query blocks thread 0x43 indefinitely because thread 0x25 doesn't
handle messages at all.
Window creation (OLE init) and WaitForSingleObject:
--- snip ---
...
0025:Call user32.CreateWindowExW(00000000,7ea885e0 L"OleMainThreadWndClass 0x######## ",00000000,00000000,00000000,00000000,00000000,00000000,fffffffd,00000000,7e990000,00000000) ret=7e9ab7b5
...
0025:Ret user32.CreateWindowExW() retval=0001006a ret=7e9ab7b5
0025:Ret ole32.CoInitialize() retval=00000000 ret=0138112b
...
0025:Call KERNEL32.WaitForSingleObject(00000160,ffffffff) ret=0055b7d3
...
--- snip ---
Debugger session showing the relevant (blocked) thread backtraces:
--- snip ---
Wine-dbg>info thread
process tid prio (all id:s are in hex)
...
00000024 (D) C:\Program Files\JoWooD Entertainment AG\ArcaniA - Gothic 4 Demo\Arcania.exe
00000027 -1
00000026 0
0000001e 0
0000000d 0
0000000b 0
00000047 0
00000046 0
00000045 0
00000044 0
00000043 0
00000042 -2
00000041 -1
00000040 0
00000025 0 <==
...
--- snip ---
Blocked query thread:
--- snip ---
Wine-dbg>bt 0x43
Backtrace:
...
11 0x7ed1aa6f send_inter_thread_message+0xf2(info=0x8add350, res_ptr=0x8add30c) [/home/focht/projects/wine/wine-git/dlls/user32/message.c:3169] in user32 (0x08add2d8)
12 0x7ed1ad1c send_message+0x247(info=0x8add350, res_ptr=0x8add37c, unicode=0x1) [/home/focht/projects/wine/wine-git/dlls/user32/message.c:3232] in user32 (0x08add338)
13 0x7ed1b22a SendMessageW+0x60(hwnd=0x2006a, msg=0xd, wparam=0x11, lparam=0x1cf578) [/home/focht/projects/wine/wine-git/dlls/user32/message.c:3409] in user32 (0x08add388)
14 0x7ed4d3e7 GetWindowTextW+0x5a(hwnd=<couldn't compute location>, lpString=<couldn't compute location>, nMaxCount=<couldn't compute location>) [/home/focht/projects/wine/wine-git/dlls/user32/win.c:2728] in user32 (0x08add3b8)
15 0x7ed4b527 FindWindowExW+0x17f(parent=<couldn't compute location>, child=<couldn't compute location>, className=<couldn't compute location>, title=<couldn't compute location>) [/home/focht/projects/wine/wine-git/dlls/user32/win.c:1943] in user32 (0x08add418)
16 0x7ed4b7c5 FindWindowExA+0x177(parent=<couldn't compute location>, child=<couldn't compute location>, className=<couldn't compute location>, title=<couldn't compute location>) [/home/focht/projects/wine/wine-git/dlls/user32/win.c:1998] in user32 (0x08add688)
17 0x7ed4b622 FindWindowA+0x3f(className=<couldn't compute location>, title=<couldn't compute location>) [/home/focht/projects/wine/wine-git/dlls/user32/win.c:1969] in user32 (0x08add6c8)
18 0x7bc6d966 relay_call+0x39() in ntdll (0x08add6f4)
19 0x7ecae28d in user32 (+0xe28c) (0x00000000)
...
--- snip ---
Thread that ought to handle the message:
--- snip ---
Wine-dbg>bt 0x25
Backtrace:
...
6 0x7b87604f WaitForSingleObject+0x45(handle=<couldn't compute location>, timeout=<couldn't compute location>) [/home/focht/projects/wine/wine-git/dlls/kernel32/sync.c:128] in kernel32 (0x026ae668)
7 0x7bc6d966 relay_call+0x39() in ntdll (0x026ae6a0)
8 0x7b825979 in kernel32 (+0x15978) (0x026ae6c8)
9 0x0055b7d3 in arcania (+0x15b7d2) (0x026ae6c8)
10 0x00beb99f in arcania (+0x7eb99e) (0x026af320)
11 0x004032fc in arcania (+0x32fb) (0x026af6ac)
12 0x0210539e in arcania (+0x1d0539d) (0x026af6bc)
13 0x00b6bcac in arcania (+0x76bcab) (0x026af74c)
14 0x7b863ef0 call_process_entry+0xb() in kernel32 (0x026af7a4)
--- snip ---
For the curious: list of 'tools' the DRM scheme looks for ;-)
--- snip ---
$ cat log.txt | grep "FindWindowA(" | grep -Po '".*?"' | sort | uniq > findwindow.txt
"18467-41"
"#32770"
"Anti-Blaxx"
"API Functions"
"ApiLogger"
"APIMonitor By Rohitab"
"Arcania"
"Atiptool"
"BusTrace Status"
"c1"
"c3"
"cuteProgressClass"
"DriverspyNT v1.20. (c)2001,2002 Collake Software"
"FileMonClass"
"File Monitor - Sysinternals: www.sysinternals.com"
"Fucker of CDROM Protections v0.81 Beta"
"Fucker of CDROM Protections v0.83 Beta"
"HANOLLY"
"icu_dbg"
"JCDSPY_NT_001"
"KaKeeware Application Monitor 1.21"
"kk1"
"Lbr68"
"[ LordPE Deluxe b ] by yoda"
"[ LordPE Deluxe ] by yoda"
"[ LordPE Dumper Server ]"
"[ LordPE RoyalTS ] by yoda"
"MyDEBUG"
"OLLYDBG"
"PEBrowse Professional Interactive"
"pediy06"
"Pr0t.St0p v1.0"
"Process Analyzer - right click on a process to access menu"
"Process Explorer - SysInternals: www.sysinternals.com [nexus4\\focht]"
"Process Monitor - Sysinternals: www.sysinternals.com"
"PROCEXPL"
"PROCMON_WINDOW_CLASS"
"SafeDisc4 Hider"
"SafeDisc4 Hider 1.0 \xa9 2005 SKULL"
"SafeDisc4 Hider 1.1 \xa9 2005 SKULL"
"SD4 Sucks v0.10 by Joseph Cox"
"Settings"
"SHADOW"
"Shell_TrayWnd"
"sniff_hit"
"SR7Stop"
"SR7.Stop v1.1"
"SR7.Stop v1.2"
"Starforce Nightmare"
"STARFUCK TOOL"
"SysAnalyzer"
"SysAnalyzer Configuration Wizard"
"Syser [Ctrl+F12]"
"TApplication"
"Task Explorer II - by Ntoskrnl"
"TForm1"
"ThunderRT6FormDC"
"ThunderRT6Main"
"TIdaWindow"
"TMainForm"
"ToolbarWindow32\xa0"
"Tsd4hideform"
"Virtual-CD-Hide"
"VMwareTrayIcon"
"vResourceViewer"
"WispWindowClass"
"Y.A.S.U v1.03 - Copyright \xa9 2006 CureROM DT"
"Y.A.S.U v1.04 - Copyright \xa9 2006 CureROM DT"
"Zeta Debugger"
--- snip ---
$ sha1sum ArcaniA_Gothic4_Demo_Setup.zip
f71c0ec7e90b34d2646263b4e4ff9b3a4f2d8231 ArcaniA_Gothic4_Demo_Setup.zip
$ du -sh ArcaniA_Gothic4_Demo_Setup.zip
1.8G ArcaniA_Gothic4_Demo_Setup.zip
$ wine --version
wine-1.7.7-307-g652c899
Regards
*** This bug has been marked as a duplicate of bug 27282 ***
--
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.
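
Added example, not part of the original comment and not Wine project code: the triage done by hand above (finding which thread never returns from FindWindowA, and which window-owning thread is parked in a wait that cannot answer WM_GETTEXT) can be scripted over a +relay log. The sample log is constructed after the trace above with shortened arguments; open_calls, hang_suspects and the NON_PUMPING set are hypothetical names and assumptions of this sketch.

```python
import re
from collections import defaultdict

# Constructed sample in Wine +relay format, modelled on the trace above (arguments shortened).
SAMPLE = """\
0040:Call user32.CreateWindowExA(00000000,049ae7e8 "Arcania.exe_24_5F77A6_1EB2446",00000000) ret=0151ea2a
0040:Ret  user32.CreateWindowExA() retval=0003006c ret=0151ea2a
0025:Call user32.CreateWindowExW(00000000,7ea885e0 L"OleMainThreadWndClass",00000000) ret=7e9ab7b5
0025:Ret  user32.CreateWindowExW() retval=0001006a ret=7e9ab7b5
0025:Call KERNEL32.WaitForSingleObject(00000160,ffffffff) ret=0055b7d3
0040:Call winex11.drv.MsgWaitForMultipleObjectsEx(00000001,049ae738,ffffffff,000004ff,00000000) ret=7ed5bad3
0043:Call user32.FindWindowA(00000000,100cde00 "vResourceViewer") ret=100501a6
0043:Call winex11.drv.MsgWaitForMultipleObjectsEx(00000001,08add260,ffffffff,00000040,00000000) ret=7ed5bad3
000d:Ret  KERNEL32.Sleep() retval=00000000 ret=00492bcd
"""

LINE = re.compile(r'^([0-9a-f]{4}):(Call|Ret)\s+(.+?)\s*\((.*)$')
# Assumption of this sketch: these waits never dispatch sent window messages.
NON_PUMPING = {"KERNEL32.WaitForSingleObject", "KERNEL32.Sleep"}

def open_calls(log_text):
    """Return ({tid: [(name, args), ...]} of unreturned calls, set of window-owning tids)."""
    stacks, owners = defaultdict(list), set()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        tid, kind, name, rest = m.groups()
        stack = stacks[tid]
        if kind == "Call":
            stack.append((name, rest))
            continue
        # Unwind to the matching Call; a Ret whose Call predates the log is ignored.
        for i in range(len(stack) - 1, -1, -1):
            if stack[i][0] == name:
                del stack[i:]
                break
        if name.startswith("user32.CreateWindowEx") and "retval=00000000" not in rest:
            owners.add(tid)
    return {t: s for t, s in stacks.items() if s}, owners

def hang_suspects(log_text):
    """Window owners parked in a non-pumping wait, and threads still inside FindWindow*."""
    pending, owners = open_calls(log_text)
    blocked = sorted(t for t in owners if t in pending and pending[t][-1][0] in NON_PUMPING)
    stuck = {t: re.search(r'"(.*?)"', args).group(1)
             for t, frames in pending.items() for name, args in frames
             if name.startswith("user32.FindWindow") and args.count('"') >= 2}
    return blocked, stuck
```

On the sample, hang_suspects(SAMPLE) reports thread 0025 as the window owner that cannot reply and thread 0043 as stuck querying "vResourceViewer", matching the two backtraces in the comment.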